VB.NET sql connection statement syntax question...

I need to query a DB using a variable from a textbox.  The strSearch will hold the string to search for using the LIKE option.

How do I use a variable (strSearch) in the SQL statement with the % wildcard?  

Where (T4.PROJ_ID LIKE %'strSearch'%)  ???  That isn't right...

Is this SQL syntax or VB?

Thanks in advance...
Weller0123Asked:
Who is Participating?
 
gregoryyoungConnect With a Mentor Commented:
String WhereClause = "Where T4.PROJ_ID LIKE %" & txtSearch.Text.Replace("'","''") & "%'";

WhereClause = WhereWhere T4.PROJ_ID LIKE '%TEXT%'

that will find anything with txtSearch.text in it ...
use a % for wild chars anywhere in the string

remember to either use the sqltypes or to escape things like ' out of your field otherwise someone can use it to attack your database
0
 
KarunSKConnect With a Mentor Commented:
Is this what you want?

Dim strWhereClause As String = "Where (T4.PROJ_ID LIKE '%" & strSearch & "%')"

0
 
mmarinovConnect With a Mentor Commented:
the one way is to use parameters
if you want to build direct the sql statement
you can use
"select * from T4 where (T4.Proj_ID Like '%" & strSearch & "%')"

hth
b..m
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.